Modify the Winamp font size

Source: Internet
Author: User
Tags textout
Modify the Winamp font size
Dianjing studio-liang lifeng

Statement

Individuals can freely repost this article, but they should maintain the integrity of the original article and notify me. For commercial reprinting, please contact me first.

This article does not explicitly or explicitly indicate that this article is completely correct. You may choose to read and use the content of this article, and you shall not be liable for it.

If you find any mistakes in this article, please point out to me; if you do not understand anything, please give it to me.

Comments, suggestions and questions are best written on the message board of my home http://llf.126.com.

Winamp Problems

People who have used Winamp will probably know that when Winamp displays the song name on its main form, the font size is smaller than what we often call ", 9", so the display result is very poor. The Japanese once made a Winamp display plug-in yuna sexy font to display the song name in the overwrite mode. It does work, but I don't like it-just change the font size, but I need a plug-in, it is really not cost-effective to waste a lot of system resources!

Can I directly modify the executable file of Winamp to display ", 9" directly? Of course, yes. However, the problem is that after we modify the font of all the dialogs in its resources, the song name is not "9, 9". Why? Naturally, Winamp is the font size set on the source program, which makes it difficult to modify the font size.

Another point is that although we want to display ", 9", it is not 9 for Winamp, from the settings of the "display" in the "display" option dialog box, we can know that when it is set to 12, it displays what we call ", 9 ".

In addition, when you do not use yuna sexy font, you must turn off the option "show" to show the main title with dot matrix "in the option dialog box to display the text in the middle.


Modification Attempt

Okay, let's start modifying the Winamp font size. Before that, we need to unify our equipment.

First, I use Windows 98 Simplified Chinese version, Winamp is 2.63 English version, and the Chinese Language Pack "Chinese" made by brucez. LNG ". In addition, as mentioned in the previous section, set" font size of the playlist "to 12 and" use dot matrix words to display the main title.

Then we can start.

Run trw2000, select winamp.exe, and click "LOAD". The debugging screen of trw2000 is displayed. Type "BPX createfont" to interrupt Winamp when calling the API function createfont, then press F5 to run Winamp.

After a long wait, I thought it was a crash, but the debugging screen of trw2000 finally came out again, staying at the entrance of the API function createfonta (createfonta is the ASCII version of createfont.

Now, let's take a look at the number of createfont calls made by Winamp at startup, so press "F5" until the number of trw2000 interruptions is reached, winamp calls createfont four times at startup.

Now, close Winamp, click "LOAD" on the trw2000 form again, and the debugging form of trw2000 appears again. Press "F5" and wait until the debugging form of trw2000 appears again, press "F10" all the time. We can see that the createfont function is located in the GDI module, where a function of the kernel module is called and Winamp is returned, because the parameter needs to be seen before createfont is called, to determine which call corresponds to the song name, use "BC" to clear the breakpoint and set the breakpoint in the last return statement of the kernel, then press "F5" until Winamp starts running and closes it.

"Load" again, press "F5", this time it stops on the Return Statement in the kernel, and then press "F10" to return to the code area where Winamp is located, and look up, you can see the following code:


PUSH EDXCALL EDI


We can verify that "Call EDI" is "Call GDI!" here! Createfonta ". In addition, because the first parameter of the createfont function represents the font size," Push edX "is the parameter here. On "Push edX", Press "F9" to set the breakpoint, then press "F5" again, go to the Return Statement in the kernel, and press "F10" to return to the Winamp code area, look up, there are some code like this:


PUSH BYTE -0ACALL EDI


You can also verify that "Call EDI" is "Call GDI!" here! Createfonta ", so on" Push byte-0a ", Press" F9 "to set the breakpoint, and then press" F5 "again. It is found that the third call to createfont is the same as the first address, the fourth call is the same as the second call. When the first or third call is executed to "Call EDI", the value at the top of the stack is "F4 FF ", it is fffff4h, and when the second and fourth calls are executed to "Call EDI", the value at the top of the stack is "F6 FF", that is, fffffff6h.

This is because when createfont is called, it is displayed normally only when the font size value is negative. If it is positive, the result is slightly smaller, therefore, all calls here assign a negative value. fffffff4h is the decimal "-12", while fffffff6h is the decimal "-10", so we can speculate that, the results of the first and third calls are "9, 9", while those of the second and fourth calls are" 8, 8 ". (In details, the second call is to display the Winamp version number in the song name display area, and the fourth call is to display the song name)

Now, in order to test, during the second and fourth calls, when "Call EDI" is executed, type "e esp" and modify the parameters in the stack, it turned out to be "F6 FF", changed to "F4 FF", and then continued to run the program. We can see that the song name in Winamp is "9, 9!

Then the source file is modified. From the code, you only need to change "Push byte-0a" to "push byte-0C, however, trw2000 left the Assembly command "a" to the registered user, so we need to determine the code to be modified.

First, "Byte" is a type identifier, which specifies that "-0a" is a byte length value. Of course, as "push, in a 32-bit system, the four-byte value is always pushed into the stack. However, the CPU is converted here, convert a single-byte "-0a" to a four-Byte "-0a", but this does not matter to us, we only need to know that "-0a" is "F6.

OK. Type "code on" to view the byte stream. The value is "6a F6" relative to "push byte-0a, you can change it to "6a F4. Now write down some of its front bytes. Here is "68 90 01 00 00 55 55 6a F6" (remember what "90 01 00 00" is? By the way, it is the character width. If you want to change it to bold, you can modify it here :), and then exit Winamp and trw2000.

Use uedit to open winamp.exe and find "68 90 01 00 00 55 55 6a F6". Only one of them is found, so the last "F6" is changed to "F4 ", then run Winamp, which is good, isn't it? :)

Last question

Although I use the English version here, this method also applies to tianwei male Chinese version because it is a code modification and has nothing to do with resources, however, the brucez Chinese Version cannot be used because it is compressed and cannot be completely decompressed using existing tools, because the fi test is used to compress ASPack, however, unaspack cannot be decompressed normally, so encryption is still performed.

I personally prefer the Chinese Language Pack "Chinese. lng". So what is this ". lng" file? It's actually a dynamic link library, and brucez's "Chinese. LNG is also compressed, but unaspack can be used for normal decompression. Of course, this is of no use, because it can be used normally without pressure, and if you want to obtain the resources, no matter what method it uses for compression and encryption, you can use the API function loadlibary to obtain it completely. After all, since Windows can read and display normally, we can do the same!

Now, back to Winamp, we can see that although the song name area is indeed displayed as "9, 9", the top line of the font is cut, this is the problem we should solve. I have no energy to solve this problem, but I think, if we only display less words, you can try to track the API function textout (there must be a lot of textout calls). If you want to modify the size of the display area of the song name, I want to track the cut function. What exactly is it? I don't know. :(

I would like to say that trw2000 is a debugging tool, rather than (or not just) a cracking tool. Do not always think about how to crack it. think more about how to improve the software.

Another method

After writing this article and uploading it, I found that the above introduction is actually very tedious, but it is not necessary to use trw2000. So I will add this section to briefly describe this method. This method does not need to press 'f10' until... as I said above ...", You only need to use a "pmodule" command, so it is very convenient.

Open trw2000, select winamp.exe, and click "LOAD". The debugging form is displayed. Type "BPX createfont", Press "F5", wait until the debugging form of trw2000 appears again, type "pmodule", return to the code area where Winamp is located, and look up, you can see the following code:


PUSH EDXCALL EDI


On "Push edX", Press "F9" to set the breakpoint, and then press "F5" to run again. When the debugging form of trw2000 appears again, type "pmodule ", return to the code area where Winamp is located. You can see the following code:


PUSH BYTE -0ACALL EDI


On "Push byte-0a", Press "F9" to set the breakpoint, and then press "F5" to run. It is found that the third and fourth calls are the same as the preceding two call addresses, then we know that we only need to change "Push byte-0a" to "push byte-0C.

The subsequent steps are the same, slightly.

I have to say that the "pmodule" command is very useful ("pnewsec" is also very useful), and I can't remember it. It really shouldn't. :(


Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.